United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office 
Address: COMMISSIONER FOR PATENTS 
P.O. Box 1450 

Alexandria, Virginia 22313-1450 
www.uspto.gov 



APPLICATION NO. 



FILING DATE 



FIRST NAMED INVENTOR 



ATTORNEY DOCKET NO. 



CONFIRMATION NO. 



09/378,226 



08/19/1999 



MARK D. RIGGINS 



40827.00011 



8867 



7590 



05/10/2005 



Jinntung Su 

MANATT, PHELPS & PHILLIPS LLP 
1001 Page Mill Road 
Building 2 

Palo Alto, CA 94303 



EXAMINER 



MOORTHY, ARAVIND K 



ART UNIT 



PAPER NUMBER 



2131 



DATE MAILED: 05/10/2005 



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 



Office Action Summary 


Application No. 

09/378,226 


Applicant(s) 

RIGGINS, MARK D. 


Examiner 

Aravind K. Moorthy 


Art Unit 

2131 





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 



Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S. C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)^ Responsive to communication(s) filed on 01 April 2005 . 
2a)Q This action is FINAL. 2b)S This action is non-final. 

3) Q Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-30 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1-30 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)^ The drawing(s) filed on 05 December 2003 is/are: a)El accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 !)□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attach m en t(s) 

1) K Notice of References Cited (PTO-892) 

2) O Notice of Draftsperson's Patent Drawing Review (PTO-948) 

3) □ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 

Paper No(s)/Mail Date . 



4) □ Interview Summary (PTO-413) 

Paper No(s)/Mail Date. . 

5) □ Notice of Informal Patent Application (PTO-152) 

6) □ Other: . 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 1-04) 



Office Action Summary 



Part of Paper No./Mail Date 05052005 



Application/Control Number: 09/378,226 Page 2 

Art Unit: 2131 

DETAILED ACTION 

1. This is in response to the amendment filed on 1 April 2005. 

2. Claims 1-30 are pending in the application. 

3. Claims 1-30 have been rejected. 

Continued Examination Under 37 CFR 1.114 

4. A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 
CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible 
for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been 
timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 
1.114. Applicant's submission filed on 1 April 2005 has been entered. 

Response to Arguments 

5. Applicant's arguments with respect to claims 1-30 have been considered but are moot in view 
of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 112 
The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

6. Claims 19 and 20 are rejected under 35 U.S.C. 112, second paragraph, as being 
incomplete for omitting essential steps, such omission amounting to a gap between the 
steps. See MPEP § 2172.01. 

The omitted steps are: steps for "deriving a key". The applicant recites "sending a 
decryption downloadable for deriving a key from a password and a hint". However, there are no 
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steps recited in how the key is actually derived. Additionally, there is no end result to both 
claims. 

Claim Objections 

7. Claim 30 is objected to because of the following informalities: misspelling. The word "the" 
has been misspelled as "thee". Appropriate correction is required. 

Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another who 
has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this title before the invention 
thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 
(AIPA) and the Intellectual Property and High Technology Technical Amendments Act of 2002 
do not apply when the reference is a U.S. patent resulting directly or indirectly from an 
international application filed before November 29, 2000. Therefore, the prior art date of the 
reference is determined under 35 U.S.C. 102(e) prior to the amendment by the AIPA (pre-AIPA 
35 U.S.C. 102(e)). 

8. Claims 1, 2, 4-6 and 8-19 are rejected under 35 U.S.C, 102(e) as being anticipated by 
Grawrock U.S. Patent No. 6,360,322 Bl. 

As to claims 1 and 8, Grawrock discloses a method, comprising: 
obtaining a hint [column 5, lines 1-42]; 
obtaining a password [column 5, lines 1-42]; 
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sending the hint to a client [column 5, lines 1-42]; 

performing a hashing algorithm on the hint and the password to generate a 
key [column 6 line 52 to column 7 line 27]; 

encrypting data using the key [column 6 line 52 to column 7 line 27]; 
sending the encrypted data to a server for storage [column 6 line 52 to 
column 7 line 27]; and 
As to claim 2, Grawrock discloses that the step of performing a hashing algorithm 
includes hashing the password [column 6 line 52 to column 7 line 27]. 
As to claim 4, Grawrock discloses a system, comprising: 

a user interface for obtaining a password [column 5, lines 1-42]; 
a key generator coupled to the, user interface for performing a hashing 
algorithm on a hint and the password to generate a key [column 6 line 52 to 
column 7 line 27]; 

an encryption engine coupled to the key generator for encrypting data 
using the key [column 6 line 52 to column 7 line 27]; 

a communications module coupled to the engine for sending the encrypted 
data and the hint to a server for storage [column 6 line 52 to column 7 line 27]. 
As to claim 5, Grawrock discloses a hint generator for generating the hint [column 5, 
lines 1-42]. 

As to claim 6, Grawrock discloses that the key generator hashes the password [column 6 
line 52 to column 7 line 27]. 
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As to claim 9, Grawrock discloses that the system includes code stored on a 
computer-readable storage medium [column 2, lines 47-53]. 

As to claim 10, Grawrock discloses that the system includes code embodied in a carrier 
wave [column 2, lines 47-53]. 

As to claim 11, Grawrock suggests receiving a request to store encrypted data from a 
client [column 2, lines 54-62]. Grawrock discloses sending an encryption downloadable for 
deriving a key to encrypt data to the client [column 3, lines 5-13]. Grawrock teaches receiving 
encrypted data that was encrypted by the encryption downloadable from the client [column 3, 
lines 14-22]. Grawrock discloses obtaining a hint corresponding to the encrypted data and 
needed for regenerating the key and storing the hint and the encrypted data [column 6 line 52 to 
column 7 line 27]. 

As to claim 12, Grawrock discloses an encryption downloadable for deriving an 
encryption key from a password and a hint [column 5, lines 1-42]. Grawrock suggests a web 
server for interfacing with a client for sending the encryption downloadable to the client [column 
3, lines 5-13], Grawrock discloses receiving encrypted data that was encrypted by the encryption 
downloadable from the client [column 3, lines 5-13]. Grawrock suggests memory coupled to the 
web server for storing a hint corresponding to the encrypted data and needed to regenerate the 
key from the client and the encrypted data [column 5, lines 1-42]. 

As to claims 13 and 16, Grawrock discloses a method, comprising: 
obtaining a password [column 5, lines 1-42]; 

sending encrypted data and a hint corresponding to the encrypted data 
from a server to a client [column 5, lines 1-42]; and 
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performing a hashing algorithm on the password and the hint at the client 
to generate a key for decrypting the encrypted data [column 6 line 52 to column 7 
line 27]. 

As to claim 14, Grawrock discloses that the step of performing a hashing algorithm 
includes hashing the password [column 6 line 52 to column 7 line 27]. 
As to claim 15, Grawrock discloses a system, comprising: 

a user interface for obtaining a password [column 5, lines 1-42]; 
a communications module for sending encrypted data and a hint 
corresponding to the encrypted data from a server to a client [column 5, lines 1- 
42]; and 

a key generator for performing a hashing algorithm on the password and 
the hint at the client to generate a key for decrypting the encrypted data [column 6 
line 52 to column 7 line 27], 
As to claim 17, Grawrock discloses that the system includes code stored on a 
computer-readable storage medium [column 2, lines 47-53]. 

As to claim 18, Grawrock suggests that the system includes code embodied in a carrier 
wave [column 2, lines 47-53]. 

As to claim 19, Grawrock discloses a method, comprising: 

receiving identification of encrypted data [column 2, lines 54-62]; 
sending a decryption downloadable for deriving a key from a password 
and a hint to a client [column 5, lines 1-42]; 
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sending a hint corresponding to the encrypted data to the client [column 5, 
lines 1-42]; and 

deriving the key by hashing at least one of the hint and the password 
[column 6 line 52 to column 7 line 27]. 
9. Claims 3, 7 and 20-30 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Challener et al U.S. Patent No. 6,470,454 Bl. 

As to claim 3, Challener et al discloses a method, comprising: 
obtaining a hint [column 5, lines 28-50]; 
obtaining a password [column 5, lines 28-50]; 

performing a hashing algorithm on the hint and the password to generate a 
key, wherein the step of performing a hashing algorithm includes hashing the 
password to derive a first secret [column 5, lines 51-58], hashing the first secret to 
derive a second secret, hashing the hint and the first secret to generate an 
intermediate index, and hashing the intermediate index and the second secret to 
generate the key [column 5 line 59 to column 6 line 33]; 

encrypting data using the key [column 5 line 59 to column 6 line 33]; and 
sending the encrypted data to a server for storage [column 5 line 59 to 
column 6 line 33]. 
As to claim 7, Challener et al discloses a system, comprising: 

a user interface for obtaining a password; [column 5, lines 28-50] 
a key generator coupled to the user interface for performing a hashing 
algorithm on a hint and the password to generate a key wherein the key generator 
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hashes the password to derive a first secret [column 5, lines 51-58], hashes the 
first secret to derive a. second secret, hashes the hint and the first secret to generate 
an intermediate index, and hashes the intermediate index and the second secret to 
generate the key [column 5 line 59 to column 6 line 33]; 

an encryption engine coupled to the key generator for encrypting data 
using the key [column 5 line 59 to column 6 line 33]; and 

a communications module coupled to the engine for sending the encrypted 
data to a server for storage [column 5 line 59 to column 6 line 33]. 
As to claim 20, Challener et al discloses a method, comprising: 

obtaining a password [column 5, lines 28-50]; 

deriving a first secret from the password [column 5, lines 28-50]; 

receiving a hint corresponding to data to be decrypted from a server 
[column 5, lines 28-50]; 

deriving an intermediate index from the first secret and the hint [column 5 
line 59 to column 6 line 33]; and 

. sending the intermediate index to the server [column 5 line 59 to column 6 
line 33]. 

As to claim 21, Challener et al discloses a client-based method, comprising: 

obtaining a password [column 5, lines 28-50]; 
deriving a first secret from the password [column 5, lines 28-50]; 
receiving a hint corresponding to data to be decrypted from a 
server [column 5, lines 28-50]; 
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deriving an intermediate index from the first secret and the hint 
[column 5 line 59 to column 6 line 33]; and 

sending the intermediate index to the server [column 5 line 59 to 
column 6 line 33]. 

As to claim 22, Challener et al discloses that deriving the first secret includes hashing the 
password [column 5, lines 28-50]. 

As to claim 23, Challener et al discloses that deriving an intermediate index includes 
hashing the first secret and the hint [column 5 line 59 to column 6 line 33]. 
As to claim 24, Challener et al discloses a system, comprising: 

a user interface for obtaining a password [column 5, lines 28-50]; 
an index generator coupled to the user interface for generating an 
intermediate index from a hint received from a server and a secret derived from 
the password [column 5 line 59 to column 6 line 33]; and 

a communications engine coupled to the index generator for sending the 
intermediate index to the server [column 5 line 59 to column 6 line 33]. 
As to claim 25, Challener et al discloses that the index generator generate the 
intermediate index by hashing the hint and the secret [column 5 line 59 to column 6 line 33]. 
As to claim 26, Challener et al discloses a system, comprising: 

means for obtaining a password [column 5, lines 28-50]; 

means for deriving a first secret from the password [column 5, lines 28- 

50]; 
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means for receiving a hint corresponding to data to be decrypted from a 
server [column 5, lines 28-50]; 

means for deriving an intermediate index from the first secret and the hint 
[column 5 line 59 to column 6 line 33]; and 

means for sending the intermediate index to the server [column 5 line 59 
to column 6 line 33]. 

As to claim 27, Challener et al discloses that the system includes code stored on a 
computer-readable storage medium [column 3, lines 22-35]. 

As to claim 28, Challener et al suggests that the system includes code embodied in a 
carrier wave [column 3, lines 22-35]. 

As to claim 29, Challener et al discloses a server-based method, comprising: 

receiving an indication of encrypted data to be decrypted [column 6, lines 

21-57]; 

transmitting to a client a hint corresponding to the indication [column 6, 
lines 21-57], and a decryption downloadable for deriving an intermediate index 
from a password and the hint [column 6, lines 21-57]; 

receiving the intermediate index from the client [column 5 line 59 to 
column 6 line 33]; 

deriving a decryption key from a second secret corresponding to the user 
and the intermediate index [column 5 line 59 to column 6 line 33]. 
As to claim 30, Challener et al discloses a system, comprising: 

a second secret corresponding to a user [column 6, lines 21-57]; 
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a decryption downloadable for generating an intermediate index from a 
password and a hint [column 6, lines 21-57]; 

a web server for receiving an indication of encrypted data to be decrypted 
[column 5 line 59 to column 6 line 33], for transmitting the decryption 
downloadable and a hint corresponding to the indication to a client [column 5 line 
59 to column 6 line 33], and for receiving an intermediate index from the client 
[figure 6]; and 

a server-resident module for deriving a key for decrypting the encrypted 
data from the second secret and the intermediate index [column 5 line 59 to 
column 6 line 33]. 
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Conclusion 



10. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Aravind K. Moorthy whose telephone number is 571-272-3793. 
The examiner can normally be reached on Monday-Friday, 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Aravind K Moorthy f 
May 5, 2005 : 





